On 26/09/17 12:30, Kristian Fiskerstrand wrote: > On 09/26/2017 01:07 PM, Andrew Gallagher wrote: >> So SKS should just say "unverified signature from <fingerprint>". It >> should not repeat the purported user ID, nor provide a search link that >> returns completely unrelated keys that happen to have the same purported ID. > > No, that is also wrong, as it implies that anything is trusted unless > otherwise stated. A malicious actor can claim it is verified all he/she > wants (simply removing the disclaimer).
Um, did you reply to the wrong paragraph? I did mention disclaimers elsewhere, but only in passing (and tongue in cheek). My argument is that we shouldn't be displaying unverified information at all. > The user's default position > NEEDS to be that nothing is verified until it is done locally or by an > explicitly trusted third party. Absolutely. None of this is an argument against users having to do things right. But the way to get users to do things right is to train them to do things right from the start - and you do that by railroading them down the straight and narrow and not even have the option to do it any other way. That way, if the opportunity to do it wrong arises in the future their first instinct will be "this isn't how it's supposed to happen". If you can't train people personally, you have to write your software so that the software trains them. WhatsApp gets the UX *very nearly* right. And since everyone and his dog now uses it that's the new baseline. If it's easier to do it wrong than in WhatsApp, it's broken. If it's harder to understand than WhatsApp, it's broken. If you have to read more instructions than WhatsApp, it's broken. It's no good implementing something correctly if it can be applied incorrectly. Murphy's Law applies. > being able to browse the > keyserver directly is too useful for debugging to completely remove Indeed, but is it necessary to display the untrustworthy user-ID on signatures? The fingerprint should be sufficient. -- Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users